Boon or Burden? IT Leaders on the Promise, Pitfalls of Data Wealth

IT officials from several Bay Area jurisdictions recently discussed a few of the challenges their organizations face when it comes to managing and protecting their diverse data stores.

Government is one of the more prolific collectors of data — ranging from the mundane to the hyper-confidential — and managing these collections has become an increasingly nuanced process, officials said during a panel discussion at the Bay Area Digital Government Summit* in Berkeley last month.

IT officials from Union City, the city of Richmond and Napa County shared the approaches that their organizations are taking in this area.

For Napa County, enterprise data management was an area in need of improvement, said Napa County CIO Jon Gjestvang. Silos across departments and a number of proprietary systems posed a challenge that prompted leadership to design a more comprehensive strategy in the spring of 2023.

“The result of that was clear definition of where the county should go when we’re dealing with data,” Gjestvang said, adding that a central component of protecting data and using AI-enabled tools is knowing what data the county holds and having a strong foundation.

“It’s a huge, daunting task, but it’s one that has to be taken,” he added.

In addition to bolstering a more data-focused culture across the county, Gjestvang said, an enterprise data management system was adopted that allows for better sharing and data correlation. A memorandum of understanding was used to ensure that departments used the new data streams available to them appropriately.

Sharing data among departments is one thing, but determining what to collect, keep and share with the public is quite another. For the city of Richmond, the data retention policy far exceeds the legal requirements, said Richmond IT Manager Rebecca Venegas, as the city keeps records dating back decades in some cases.

The city sees a fair number of public records requests, which are aided by specialized platforms to minimize the use of staff time. Venegas noted that publishing some frequently requested data on a publicly available dashboard has also helped to curb staff workloads. The available information includes service calls, police department information and GIS data, to name a few.

“There is a new policy that we have written that is going to tighten up how much they are keeping,” she said. “We have found it to be too disruptive. It’s taking a long time and a lot of staff time to fulfill these data requests. While we’re not going to get rid of them all, we are going to reduce some of the data that we’re keeping within the city.”

Where protecting sensitive data from publication is concerned, Venegas said steps are taken to remove sensitive information like resident names and addresses, police service call locations, and the like.

The idea of collecting data is all well and good until it’s the target of hackers. Union City experienced a data breach in 2019 and was left scrambling to figure out exactly what information could have been compromised, explained IT Director Mario Vallejo.

The capacity to hold the data was not being adequately checked against the potential risks, Vallejo said.

“At the time, in 2019, we were still using file servers for all of our back-end data — for user data, department data — and we thought we had really well-organized user rights, organized folders,” Vallejo said. “The challenge that we ran into was there was no automation that said, ‘OK, we think this is the data that’s in that folder … .’”

Forensics examination was able to determine that the intruders got in but not out with sensitive data. “Really looking back at it, we were lucky,” he said.

The incident prompted officials to simplify the data classification process into four categories — public, internal, classified and restricted — which help the team to implement the corresponding security controls. Vallejo noted that as data stores grow, tools and services will become increasingly important for organizations looking to avoid manual processes.

“If it’s not the tools and service and automation that are doing it, it’s not going to happen,” he said.

*The Bay Area Digital Government Summit is hosted by Government Technology, Industry Insider — California's sister publication. Both are part of e.Republic.